AnyConnect Secure Mobility Client 5.1.10.233
GlobalEnums.h
1/*******************************************************************************
2* Copyright (c) 2007, 2022 Cisco Systems Inc.
3* All Rights Reserved. Cisco Highly Confidential.
4********************************************************************************
5**
6** GlobalEnums.h
7**
8** Contains enumerations used in the API and TLV classes.
9**
10*********************************************************************************/
11
12#ifndef __GLOBALENUMS_H
13#define __GLOBALENUMS_H
14
15/***** PUT ONLY ENUMS IN THIS FILE AS IT IS ALSO USED BY THE MIDL COMPILER *****\
16\******************** This is also compiled with IDL compiler **********************/
17
18enum ConnectProtocolType
19{
20 PROTOCOL_TYPE_UNKNOWN = 0,
21 PROTOCOL_TYPE_SSL,
22 PROTOCOL_TYPE_IPSEC,
23};
24
25enum ProtocolVersion
26{
27 PROTO_VERSION_UNKNOWN = 0,
28 PROTO_VERSION_TLS10 = 1,
29 PROTO_VERSION_SSL30 = 2,
30 PROTO_VERSION_DTLS10 = 3,
31 PROTO_VERSION_IPSEC = 4,
32 PROTO_VERSION_IPSEC_NAT_T = 5,
33 PROTO_VERSION_TLS11 = 6,
34 PROTO_VERSION_TLS12 = 7,
35 PROTO_VERSION_DTLS12 = 8,
36 PROTO_VERSION_TLS13 = 9,
37};
38
39enum ProtocolCipher
40{
41 PROTO_CIPHER_UNKNOWN = 0,
42 PROTO_CIPHER_RSA_RC4_128_MD5 = 1,
43 PROTO_CIPHER_RSA_RC4_128_SHA1 = 2,
44 PROTO_CIPHER_RSA_DES_56_SHA1 = 3,
45 PROTO_CIPHER_RSA_3DES_168_SHA1 = 4,
46 PROTO_CIPHER_RSA_AES_128_SHA1 = 5,
47 PROTO_CIPHER_RSA_AES_256_SHA1 = 6,
48 PROTO_CIPHER_ENC_NULL_MD5 = 7,
49 PROTO_CIPHER_ENC_NULL_SHA1 = 8,
50 PROTO_CIPHER_RC4_128 = 9,
51 PROTO_CIPHER_RC4_128_MD5 = 10,
52 PROTO_CIPHER_RC4_128_SHA1 = 11,
53 PROTO_CIPHER_DES_56 = 12,
54 PROTO_CIPHER_DES_56_MD5 = 13,
55 PROTO_CIPHER_DES_56_SHA1 = 14,
56 PROTO_CIPHER_DES_56_SHA256 = 15,
57 PROTO_CIPHER_DES_56_SHA384 = 16,
58 PROTO_CIPHER_DES_56_SHA512 = 17,
59 PROTO_CIPHER_3DES_168 = 18,
60 PROTO_CIPHER_3DES_168_MD5 = 19,
61 PROTO_CIPHER_3DES_168_SHA1 = 20,
62 PROTO_CIPHER_3DES_168_SHA256 = 21,
63 PROTO_CIPHER_3DES_168_SHA384 = 22,
64 PROTO_CIPHER_3DES_168_SHA512 = 23,
65 PROTO_CIPHER_AES_128 = 24,
66 PROTO_CIPHER_AES_128_MD5 = 25,
67 PROTO_CIPHER_AES_128_SHA1 = 26,
68 PROTO_CIPHER_AES_128_SHA256 = 27,
69 PROTO_CIPHER_AES_128_SHA384 = 28,
70 PROTO_CIPHER_AES_128_SHA512 = 29,
71 PROTO_CIPHER_AES_192 = 30,
72 PROTO_CIPHER_AES_192_MD5 = 31,
73 PROTO_CIPHER_AES_192_SHA1 = 32,
74 PROTO_CIPHER_AES_192_SHA256 = 33,
75 PROTO_CIPHER_AES_192_SHA384 = 34,
76 PROTO_CIPHER_AES_192_SHA512 = 35,
77 PROTO_CIPHER_AES_256 = 36,
78 PROTO_CIPHER_AES_256_MD5 = 37,
79 PROTO_CIPHER_AES_256_SHA1 = 38,
80 PROTO_CIPHER_AES_256_SHA256 = 39,
81 PROTO_CIPHER_AES_256_SHA384 = 40,
82 PROTO_CIPHER_AES_256_SHA512 = 41,
83 PROTO_CIPHER_AES_128_GCM = 42,
84 PROTO_CIPHER_AES_192_GCM = 43,
85 PROTO_CIPHER_AES_256_GCM = 44,
86 PROTO_CIPHER_RSA_AES_128_SHA256 = 45, // TLS 1.2
87 PROTO_CIPHER_RSA_AES_256_SHA256 = 46,
88 PROTO_CIPHER_DHE_RSA_AES_128_SHA256 = 47,
89 PROTO_CIPHER_DHE_RSA_AES_256_SHA256 = 48,
90 PROTO_CIPHER_ECDHE_ECDSA_AES256_GCM_SHA384 = 49, // TLS 1.2 phase 2
91 PROTO_CIPHER_ECDHE_RSA_AES256_GCM_SHA384 = 50,
92 PROTO_CIPHER_DHE_RSA_AES256_GCM_SHA384 = 51,
93 PROTO_CIPHER_AES256_GCM_SHA384 = 52,
94 PROTO_CIPHER_ECDHE_ECDSA_AES256_SHA384 = 53,
95 PROTO_CIPHER_ECDHE_RSA_AES256_SHA384 = 54,
96 PROTO_CIPHER_ECDHE_ECDSA_AES128_GCM_SHA256 = 55,
97 PROTO_CIPHER_ECDHE_RSA_AES128_GCM_SHA256 = 56,
98 PROTO_CIPHER_DHE_RSA_AES128_GCM_SHA256 = 57,
99 PROTO_CIPHER_AES128_GCM_SHA256 = 58,
100 PROTO_CIPHER_ECDHE_ECDSA_AES128_SHA256 = 59,
101 PROTO_CIPHER_ECDHE_RSA_AES128_SHA256 = 60,
102 PROTO_CIPHER_DHE_RSA_AES256_SHA = 61,
103 PROTO_CIPHER_DHE_RSA_AES128_SHA = 62,
104 PROTO_CIPHER_AES_128_GCM_SHA256 = 63, // TLS 1.3
105 PROTO_CIPHER_AES_256_GCM_SHA384 = 64,
106 PROTO_CIPHER_CHACHA20_POLY1305_SHA256 = 65,
107 PROTO_CIPHER_AES_128_CCM_SHA256 = 66
108};
109
110typedef enum
111{
112 COMPR_NONE = 0,
113 COMPR_DEFLATE = 1,
114 COMPR_LZS = 2
115} COMPR_ALGORITHM;
116
117/*
118** VPN Session States
119** New states must be added to the end of the list.
120** Downloader tests states, so altering existing states requires verification
121** that there won't be backward compability issues with downloader.
122*/
123//BUGBUG Suggested by Marc: Rename the STATE enum and its symbolic values.
124//BUGBUG We should probably change the enum name from STATE to VPNSES_STATE and
125//BUGBUG the prefixes on the values from STATE_ to VSS_ (for VPN session state).
126//BUGBUG The API and GUI code have to deal with a number of different states, and the
127//BUGBUG generically named STATE is not very self documenting.
128//BUGBUG It's a throw back from the very earliest code for SSL VPN.
129typedef enum
130{
131 STATE_CONNECTING,
132 STATE_CONNECTED,
133 STATE_RECONNECTING,
134 STATE_DISCONNECTING,
135 STATE_DISCONNECTED,
136 STATE_PAUSING,
137 STATE_PAUSED,
138 STATE_AUTHENTICATING,
139 STATE_SSOPOLLING, // Api is doing the auth-poll.
140 STATE_UNDEFINED,
141} STATE;
142
143/*
144** Tunnel sub-states
145** New sub-states must be added to the end of the list.
146** Sub-states are meant to provide additional details, if necessary, about
147** any of the VPN connection states.
148** Substates prefixed with "VCSS_MT_" correspond to the management tunnel.
149*/
150enum VPNCON_SUBSTATE
151{
152 VCSS_NORMAL = 0,
153 VCSS_INDEFINITE_DELAY = (1 << 0),
154 VCSS_SESSION_EXPIRING = (1 << 1),
155 VCSS_MT_DISCONNECTED_DISABLED = (1 << 2),
156 VCSS_MT_DISCONNECTED_TRUSTED_NW = (1 << 3),
157 VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE = (1 << 4),
158 VCSS_MT_DISCONNECTED_LAUNCH_FAILED = (1 << 5),
159 VCSS_MT_DISCONNECTED_CONNECT_FAILED = (1 << 6),
160 VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG = (1 << 7),
161 VCSS_MT_DISCONNECTED_SW_UP_PENDING = (1 << 8),
162 VCSS_MTU_ADJUSTMENT_PENDING = (1 << 9)
163};
164
165typedef enum
166{
167 NCS_RESTRICTED = 0, //a client configuration has been applied to the endpoints
168 //operating system configuration
169 NCS_PARTIAL_RESTRICTED_CAPTIVE_PORTAL, //a client configuration has been applied to the
170 //endpoints operating system configuration to allow
171 //captive portal remediation
172 NCS_UNRESTRICTED //the endpoints operating system configuration is not currently altered by the client
173} NETCTRL_STATE;
174
175
176// Note that while these values are defined like a bitmap, the network environment state
177// is not used as a bitmap. No two values are ever combined. They are used like linear
178// values. The bitmap arrangement of values is to enable testing for many possible values
179// all at once in a single compare without having to do a series of compares against
180// different linear values.
181//
182typedef enum
183{
184 NES_NO_NETWORK_INTERFACE = (1 << 0),
185 NES_NO_PUBLIC_INTERFACE = (1 << 1),
186 NES_NO_DNS_CONNECTIVITY = (1 << 2),
187 NES_CAPTIVE_PORTAL_DETECTED = (1 << 3),
188 NES_AUTH_PROXY_DETECTED = (1 << 4),
189 NES_NETWORK_ACCESSIBLE = (1 << 5),
190 NES_SECURE_GATEWAY_ACCESSIBLE = (1 << 6)
191} NETENV_STATE;
192
193
194// Trusted Network Detection types.
195typedef enum
196{
197 NT_TRUSTED,
198 NT_UNTRUSTED,
199 NT_UNDEFINED
200} NETWORK_TYPE;
201
202// Firewall enums
203typedef enum
204{ FW_PERMISSION_UNKNOWN,
205 FW_PERMISSION_PERMIT,
206 FW_PERMISSION_DENY
207} FW_Permission;
208
209typedef enum
210{ FW_PROTOCOL_UNKNOWN,
211 FW_PROTOCOL_TCP,
212 FW_PROTOCOL_UDP,
213 FW_PROTOCOL_ICMP,
214 FW_PROTOCOL_ANY
215} FW_Protocol;
216
217typedef enum
218{
219 FW_INTERFACE_UNKNOWN,
220 FW_INTERFACE_PUBLIC,
221 FW_INTERFACE_PRIVATE
222} FW_Interface;
223
224typedef enum
225{
226 FW_RULE_DIRECTION_IN,
227 FW_RULE_DIRECTION_OUT,
228 FW_RULE_DIRECTION_BOTH
229} FW_Rule_Direction;
230
231typedef enum
232{
233 MUS_STATUS_UNKNOWN = 0,
234 MUS_STATUS_ENABLED,
235 MUS_STATUS_DISABLED,
236 MUS_STATUS_UNCONFIRMED
237} MUS_STATUS;
238
239// These can be used to get/set an automatic preference value using the
240// generic UserPreferences.getAutomaticPreferenceValue() and
241// setAutomaticPreferenceValue() methods, rather than using the individual
242// getters/setters.
243typedef enum
244{
245 HeadendSelectionCacheId = 0,
246 DefaultUserId,
247 DefaultSecondUserId,
248 DefaultHostId,
249 DefaultGroupId,
250 ProxyHostId,
251 ProxyPortId,
252 SDITokenTypeId,
253 NoSDITokenId,
254 ClientCertThumbprintId,
255 ServerCertThumbprintId,
256 UnknownAutomaticPreference
257} AutoPreferenceId ;
258
259// Used to determine if CPublicProxies, CPrivateProxies or no proxies should be used.
260typedef enum
261{
262 TRANSPORT_PROXY_NONE,
263 TRANSPORT_PROXY_PUBLIC,
264 TRANSPORT_PROXY_CURRENT
265} TRANSPORT_PROXY_TYPE;
266
267// user authentication methods
268// these are shared between Agent and API
269//
270// Note that IKE PSK is supported for reconnects only. The API can never
271// initiate an IPsec connection using IKE PSK authentication.
272typedef enum
273{
274 USER_AUTH_UNKNOWN = 0,
275 USER_AUTH_SSL_MACHINE_STORE_CERT,
276 USER_AUTH_IKE_PSK,
277 USER_AUTH_IKE_RSA,
278 USER_AUTH_IKE_ECDSA,
279 USER_AUTH_IKE_EAP_MD5,
280 USER_AUTH_IKE_EAP_MSCHAPv2,
281 USER_AUTH_IKE_EAP_GTC,
282 USER_AUTH_IKE_EAP_ANYCONNECT, // Default
283} USER_AUTH_METHOD;
284
285typedef enum
286{
287 CFR_NONE = 0,
288 CFR_HOST_UNREACHABLE,
289} CONNECT_FAILURE_REASON;
290
291typedef enum
292{
293 DYN_SPLIT_TUN_EXC,
294 DYN_SPLIT_TUN_INC
295} DYN_SPLIT_TUN_TYPE;
296
297typedef enum
298{
299 VPN_TUNNEL_SCOPE_USER,
300 VPN_TUNNEL_SCOPE_MACHINE,
301 VPN_TUNNEL_SCOPE_UNDEFINED
302} VPN_TUNNEL_SCOPE;
303
304#define IS_USER_TUNNEL(x) (VPN_TUNNEL_SCOPE_USER == x)
305#define IS_MGMT_TUNNEL(x) (VPN_TUNNEL_SCOPE_MACHINE == x)
306
307#endif // __GLOBALENUMS_H